diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-02-01 17:41:36 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-02-01 17:41:36 -0500 |
| commit | e3db4230cb75e44f913f0d9ece762b3de5501375 (patch) | |
| tree | 14a90f36f7bd679fd19ff0d8ee4d9df5e9504607 | |
| parent | Grsec/PaX: 3.0-{3.2.66,3.14.30,3.18.4}-201501272307 (diff) | |
| download | hardened-patchset-20150131.tar.gz hardened-patchset-20150131.tar.bz2 hardened-patchset-20150131.zip | |
Grsec/PaX: 3.0-{3.14.31,3.18.5-20150131070620150131
| -rw-r--r-- | 3.14.31/0000_README (renamed from 3.14.30/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.31/4420_grsecurity-3.0-3.14.31-201501310705.patch (renamed from 3.14.30/4420_grsecurity-3.0-3.14.30-201501272307.patch) | 312 | ||||
| -rw-r--r-- | 3.14.31/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.30/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.30/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.30/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4435_grsec-mute-warnings.patch (renamed from 3.14.30/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4440_grsec-remove-protected-paths.patch (renamed from 3.14.30/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.30/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.30/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4470_disable-compat_vdso.patch (renamed from 3.14.30/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.14.31/4475_emutramp_default_on.patch (renamed from 3.14.30/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/0000_README (renamed from 3.18.4/0000_README) | 2 | ||||
| -rw-r--r-- | 3.18.5/4420_grsecurity-3.0-3.18.5-201501310706.patch (renamed from 3.18.4/4420_grsecurity-3.0-3.18.4-201501272307.patch) | 302 | ||||
| -rw-r--r-- | 3.18.5/4425_grsec_remove_EI_PAX.patch (renamed from 3.18.4/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.18.4/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4430_grsec-remove-localversion-grsec.patch (renamed from 3.18.4/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4435_grsec-mute-warnings.patch (renamed from 3.18.4/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4440_grsec-remove-protected-paths.patch (renamed from 3.18.4/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4450_grsec-kconfig-default-gids.patch (renamed from 3.18.4/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.18.4/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4470_disable-compat_vdso.patch (renamed from 3.18.4/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.18.5/4475_emutramp_default_on.patch (renamed from 3.18.4/4475_emutramp_default_on.patch) | 0 |
22 files changed, 188 insertions, 430 deletions
diff --git a/3.14.30/0000_README b/3.14.31/0000_README index e7390a1..c3d5e32 100644 --- a/3.14.30/0000_README +++ b/3.14.31/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.30-201501272307.patch +Patch: 4420_grsecurity-3.0-3.14.31-201501310705.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.30/4420_grsecurity-3.0-3.14.30-201501272307.patch b/3.14.31/4420_grsecurity-3.0-3.14.31-201501310705.patch index fa3669a..a9df68f 100644 --- a/3.14.30/4420_grsecurity-3.0-3.14.30-201501272307.patch +++ b/3.14.31/4420_grsecurity-3.0-3.14.31-201501310705.patch @@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 5b94752..8acf114 100644 +index 5abf670..9b24a3b 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -12350,7 +12350,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 98aa930..9cfc3c7 100644 +index 2f645c9..7e2933c 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -22,6 +22,7 @@ config X86_64 @@ -12387,7 +12387,7 @@ index 98aa930..9cfc3c7 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -973,6 +975,7 @@ config VM86 +@@ -977,6 +979,7 @@ config VM86 config X86_16BIT bool "Enable support for 16-bit segments" if EXPERT @@ -12395,7 +12395,7 @@ index 98aa930..9cfc3c7 100644 default y ---help--- This option is required by programs like Wine to run 16-bit -@@ -1129,7 +1132,7 @@ choice +@@ -1133,7 +1136,7 @@ choice config NOHIGHMEM bool "off" @@ -12404,7 +12404,7 @@ index 98aa930..9cfc3c7 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1166,7 +1169,7 @@ config NOHIGHMEM +@@ -1170,7 +1173,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12413,7 +12413,7 @@ index 98aa930..9cfc3c7 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1219,7 +1222,7 @@ config PAGE_OFFSET +@@ -1223,7 +1226,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12422,7 +12422,7 @@ index 98aa930..9cfc3c7 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1624,6 +1627,7 @@ source kernel/Kconfig.hz +@@ -1628,6 +1631,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12430,7 +12430,7 @@ index 98aa930..9cfc3c7 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1775,7 +1779,9 @@ config X86_NEED_RELOCS +@@ -1779,7 +1783,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12441,7 +12441,7 @@ index 98aa930..9cfc3c7 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1855,9 +1861,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1859,9 +1865,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -12716,7 +12716,7 @@ index 34bbc09..c126b87 100644 .quad 0x0000000000000000 /* TS continued */ gdt_end: diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index eb25ca1..3de0f7c 100644 +index 8f45c85..fc8346a 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -218,7 +218,7 @@ void __putstr(const char *s) @@ -12764,7 +12764,7 @@ index eb25ca1..3de0f7c 100644 break; default: /* Ignore other PT_* */ break; } -@@ -437,7 +440,7 @@ asmlinkage void *decompress_kernel(void *rmode, memptr heap, +@@ -439,7 +442,7 @@ asmlinkage void *decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -16387,7 +16387,7 @@ index 1717156..14e260a 100644 "6:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 50d033a..59ecefa 100644 +index a94b82e..59ecefa 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -16485,7 +16485,7 @@ index 50d033a..59ecefa 100644 } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -247,11 +258,14 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) +@@ -247,8 +258,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) struct desc_struct *gdt = get_cpu_gdt_table(cpu); unsigned int i; @@ -16495,37 +16495,8 @@ index 50d033a..59ecefa 100644 + pax_close_kernel(); } --#define _LDT_empty(info) \ -+/* This intentionally ignores lm, since 32-bit apps don't have that field. */ -+#define LDT_empty(info) \ - ((info)->base_addr == 0 && \ - (info)->limit == 0 && \ - (info)->contents == 0 && \ -@@ -261,11 +275,18 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) - (info)->seg_not_present == 1 && \ - (info)->useable == 0) - --#ifdef CONFIG_X86_64 --#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0)) --#else --#define LDT_empty(info) (_LDT_empty(info)) --#endif -+/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */ -+static inline bool LDT_zero(const struct user_desc *info) -+{ -+ return (info->base_addr == 0 && -+ info->limit == 0 && -+ info->contents == 0 && -+ info->read_exec_only == 0 && -+ info->seg_32bit == 0 && -+ info->limit_in_pages == 0 && -+ info->seg_not_present == 0 && -+ info->useable == 0); -+} - - static inline void clear_LDT(void) - { -@@ -287,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc) + /* This intentionally ignores lm, since 32-bit apps don't have that field. */ +@@ -295,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc) preempt_enable(); } @@ -16534,7 +16505,7 @@ index 50d033a..59ecefa 100644 { return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24)); } -@@ -311,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) +@@ -319,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) } #ifdef CONFIG_X86_64 @@ -16543,7 +16514,7 @@ index 50d033a..59ecefa 100644 { gate_desc s; -@@ -321,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr) +@@ -329,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr) #endif #ifdef CONFIG_TRACING @@ -16561,7 +16532,7 @@ index 50d033a..59ecefa 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -348,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate) +@@ -356,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate) #define _trace_set_gate(gate, type, addr, dpl, ist, seg) #endif @@ -16570,7 +16541,7 @@ index 50d033a..59ecefa 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -371,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -379,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr, #define set_intr_gate(n, addr) \ do { \ BUG_ON((unsigned)n > 0xFF); \ @@ -16582,7 +16553,7 @@ index 50d033a..59ecefa 100644 0, 0, __KERNEL_CS); \ } while (0) -@@ -401,19 +422,19 @@ static inline void alloc_system_vector(int vector) +@@ -409,19 +422,19 @@ static inline void alloc_system_vector(int vector) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -16605,7 +16576,7 @@ index 50d033a..59ecefa 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -422,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -430,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -16625,7 +16596,7 @@ index 50d033a..59ecefa 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS); -@@ -503,4 +524,17 @@ static inline void load_current_idt(void) +@@ -511,4 +524,17 @@ static inline void load_current_idt(void) else load_idt((const struct desc_ptr *)&idt_descr); } @@ -27866,49 +27837,10 @@ index 24d3c91..d06b473 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 4e942f3..c6e445a 100644 +index 7fc5e84..c6e445a 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c -@@ -29,7 +29,28 @@ static int get_free_idx(void) - - static bool tls_desc_okay(const struct user_desc *info) - { -- if (LDT_empty(info)) -+ /* -+ * For historical reasons (i.e. no one ever documented how any -+ * of the segmentation APIs work), user programs can and do -+ * assume that a struct user_desc that's all zeros except for -+ * entry_number means "no segment at all". This never actually -+ * worked. In fact, up to Linux 3.19, a struct user_desc like -+ * this would create a 16-bit read-write segment with base and -+ * limit both equal to zero. -+ * -+ * That was close enough to "no segment at all" until we -+ * hardened this function to disallow 16-bit TLS segments. Fix -+ * it up by interpreting these zeroed segments the way that they -+ * were almost certainly intended to be interpreted. -+ * -+ * The correct way to ask for "no segment at all" is to specify -+ * a user_desc that satisfies LDT_empty. To keep everything -+ * working, we accept both. -+ * -+ * Note that there's a similar kludge in modify_ldt -- look at -+ * the distinction between modes 1 and 0x11. -+ */ -+ if (LDT_empty(info) || LDT_zero(info)) - return true; - - /* -@@ -71,7 +92,7 @@ static void set_tls_desc(struct task_struct *p, int idx, - cpu = get_cpu(); - - while (n-- > 0) { -- if (LDT_empty(info)) -+ if (LDT_empty(info) || LDT_zero(info)) - desc->a = desc->b = 0; - else - fill_ldt(desc, info); -@@ -118,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx, +@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx, if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; @@ -27920,7 +27852,7 @@ index 4e942f3..c6e445a 100644 set_tls_desc(p, idx, &info, 1); return 0; -@@ -235,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, +@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, if (kbuf) info = kbuf; @@ -27948,7 +27880,7 @@ index 1c113db..287b42e 100644 static int trace_irq_vector_refcount; static DEFINE_MUTEX(irq_vector_mutex); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index f9d976e..488b635 100644 +index b1d9002..04013df 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -66,7 +66,7 @@ @@ -28139,7 +28071,7 @@ index f9d976e..488b635 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index de02906..7353850 100644 +index b20bced..17532ba 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data) @@ -36836,7 +36768,7 @@ index 4044cf7..555ae4e 100644 goto error; diff --git a/crypto/cryptd.c b/crypto/cryptd.c -index 7bdd61b..afec999 100644 +index 75c415d..0b21cd8 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx { @@ -36858,7 +36790,7 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); diff --git a/crypto/cts.c b/crypto/cts.c -index 042223f..133f087 100644 +index 60b9da3..bd94058 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx, @@ -36872,7 +36804,7 @@ index 042223f..133f087 100644 sg_set_buf(&sgdst[0], d, bsize); err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize); diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c -index 309d345..1632720 100644 +index c305d41..a96de79 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) @@ -36885,7 +36817,7 @@ index 309d345..1632720 100644 kobject_uevent(&pinst->kobj, KOBJ_ADD); diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c -index 4279480..7bb0474 100644 +index fdf7c00..a3e50c3 100644 --- a/crypto/sha1_generic.c +++ b/crypto/sha1_generic.c @@ -64,7 +64,7 @@ int crypto_sha1_update(struct shash_desc *desc, const u8 *data, @@ -36898,7 +36830,7 @@ index 4279480..7bb0474 100644 } memcpy(sctx->buffer + partial, src, len - done); diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c -index 5433667..32c5e5e 100644 +index 136381b..cde0361 100644 --- a/crypto/sha256_generic.c +++ b/crypto/sha256_generic.c @@ -210,10 +210,9 @@ static void sha256_transform(u32 *state, const u8 *input) @@ -36923,7 +36855,7 @@ index 5433667..32c5e5e 100644 return 0; } diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c -index 6ed124f..04d295a 100644 +index 6c6d901..d350854 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -238,7 +238,7 @@ static int sha384_final(struct shash_desc *desc, u8 *hash) @@ -36936,7 +36868,7 @@ index 6ed124f..04d295a 100644 return 0; } diff --git a/crypto/tgr192.c b/crypto/tgr192.c -index 8740355..3c7af0d 100644 +index f7ed2fb..321bc6f 100644 --- a/crypto/tgr192.c +++ b/crypto/tgr192.c @@ -612,7 +612,7 @@ static int tgr160_final(struct shash_desc *desc, u8 * out) @@ -36958,7 +36890,7 @@ index 8740355..3c7af0d 100644 return 0; } diff --git a/crypto/vmac.c b/crypto/vmac.c -index 2eb11a3..d84c24b 100644 +index bf2d3a8..df76a81 100644 --- a/crypto/vmac.c +++ b/crypto/vmac.c @@ -613,7 +613,7 @@ static int vmac_final(struct shash_desc *pdesc, u8 *out) @@ -36971,7 +36903,7 @@ index 2eb11a3..d84c24b 100644 ctx->partial_size = 0; return 0; diff --git a/crypto/wp512.c b/crypto/wp512.c -index 180f1d6..ec64e77 100644 +index 253db94..7ee5a04 100644 --- a/crypto/wp512.c +++ b/crypto/wp512.c @@ -1102,8 +1102,8 @@ static int wp384_final(struct shash_desc *desc, u8 *out) @@ -44092,7 +44024,7 @@ index 1946101..09766d2 100644 #include "qib_common.h" #include "qib_verbs.h" diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c -index ce953d8..1469995 100644 +index fb787c3..1469995 100644 --- a/drivers/input/evdev.c +++ b/drivers/input/evdev.c @@ -422,7 +422,7 @@ static int evdev_open(struct inode *inode, struct file *file) @@ -44104,43 +44036,6 @@ index ce953d8..1469995 100644 return error; } -@@ -757,20 +757,23 @@ static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) - */ - static int evdev_handle_get_val(struct evdev_client *client, - struct input_dev *dev, unsigned int type, -- unsigned long *bits, unsigned int max, -- unsigned int size, void __user *p, int compat) -+ unsigned long *bits, unsigned int maxbit, -+ unsigned int maxlen, void __user *p, -+ int compat) - { - int ret; - unsigned long *mem; -+ size_t len; - -- mem = kmalloc(sizeof(unsigned long) * max, GFP_KERNEL); -+ len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long); -+ mem = kmalloc(len, GFP_KERNEL); - if (!mem) - return -ENOMEM; - - spin_lock_irq(&dev->event_lock); - spin_lock(&client->buffer_lock); - -- memcpy(mem, bits, sizeof(unsigned long) * max); -+ memcpy(mem, bits, len); - - spin_unlock(&dev->event_lock); - -@@ -778,7 +781,7 @@ static int evdev_handle_get_val(struct evdev_client *client, - - spin_unlock_irq(&client->buffer_lock); - -- ret = bits_to_user(mem, max, size, p, compat); -+ ret = bits_to_user(mem, maxbit, maxlen, p, compat); - if (ret < 0) - evdev_queue_syn_dropped(client); - diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index 24c41ba..102d71f 100644 --- a/drivers/input/gameport/gameport.c @@ -45543,7 +45438,7 @@ index a46124e..caf0bd55 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 4913c06..663bb94 100644 +index 175584a..1561092 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1711,6 +1711,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -47805,10 +47700,10 @@ index 9e7d95d..d447b88 100644 Say Y here if you want to support for Freescale FlexCAN. diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c -index cc11f7f..bf7de8b 100644 +index 1468c46..1f8e748 100644 --- a/drivers/net/can/dev.c +++ b/drivers/net/can/dev.c -@@ -756,7 +756,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, +@@ -760,7 +760,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, return -EOPNOTSUPP; } @@ -53164,7 +53059,7 @@ index 2ebe47b..3205833 100644 dlci->modem_rx = 0; diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index d46b4cc..c470f00 100644 +index 850e232..59a0ccd 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -115,7 +115,7 @@ struct n_tty_data { @@ -53176,7 +53071,7 @@ index d46b4cc..c470f00 100644 size_t line_start; /* protected by output lock */ -@@ -2521,6 +2521,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2526,6 +2526,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -59643,10 +59538,10 @@ index ff286f3..8153a14 100644 .attrs = attrs, }; diff --git a/fs/buffer.c b/fs/buffer.c -index 4d06a57..5977df8 100644 +index eef21c6..10a8304 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -3438,7 +3438,7 @@ void __init buffer_init(void) +@@ -3450,7 +3450,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -61908,10 +61803,10 @@ index e6574d7..c30cbe2 100644 brelse(bh); bh = NULL; diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 242226a..f3eb6c1 100644 +index 7620133..212880d 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1882,7 +1882,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1884,7 +1884,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -61920,7 +61815,7 @@ index 242226a..f3eb6c1 100644 break; } -@@ -2191,7 +2191,7 @@ repeat: +@@ -2193,7 +2193,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -61929,7 +61824,7 @@ index 242226a..f3eb6c1 100644 goto repeat; } } -@@ -2699,25 +2699,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2701,25 +2701,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -61965,7 +61860,7 @@ index 242226a..f3eb6c1 100644 } free_percpu(sbi->s_locality_groups); -@@ -3171,16 +3171,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3173,16 +3173,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -61988,7 +61883,7 @@ index 242226a..f3eb6c1 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3607,7 +3607,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3609,7 +3609,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -61997,7 +61892,7 @@ index 242226a..f3eb6c1 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3667,7 +3667,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3669,7 +3669,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -62006,7 +61901,7 @@ index 242226a..f3eb6c1 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3756,7 +3756,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3758,7 +3758,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -62015,7 +61910,7 @@ index 242226a..f3eb6c1 100644 return err; } -@@ -3774,7 +3774,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3776,7 +3776,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -63763,7 +63658,7 @@ index b96a49b..9bfdc47 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 0a648bb..8d463f1 100644 +index 6eb13c6..4389620 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1323,7 +1323,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, @@ -65197,7 +65092,7 @@ index 9e38daf..5727cae 100644 "inode 0x%lx or driver bug.", vdir->i_ino); goto err_out; diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c -index db9bd8a..8338fb6 100644 +index 86ddab9..cedba51 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c @@ -1282,7 +1282,7 @@ static inline size_t ntfs_copy_from_user(struct page **pages, @@ -81592,10 +81487,10 @@ index 6c58dd7..80d1d95 100644 #define current_cred_xxx(xxx) \ ({ \ diff --git a/include/linux/crypto.h b/include/linux/crypto.h -index b92eadf..b4ecdc1 100644 +index 2b00d92..ab50c5e 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h -@@ -373,7 +373,7 @@ struct cipher_tfm { +@@ -386,7 +386,7 @@ struct cipher_tfm { const u8 *key, unsigned int keylen); void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); @@ -81604,7 +81499,7 @@ index b92eadf..b4ecdc1 100644 struct hash_tfm { int (*init)(struct hash_desc *desc); -@@ -394,13 +394,13 @@ struct compress_tfm { +@@ -407,13 +407,13 @@ struct compress_tfm { int (*cot_decompress)(struct crypto_tfm *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen); @@ -82047,7 +81942,7 @@ index c0894dd..2fbf10c 100644 }; diff --git a/include/linux/gfp.h b/include/linux/gfp.h -index 39b81dc..819dc51 100644 +index 3824ac6..f3932a3 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -36,6 +36,13 @@ struct vm_area_struct; @@ -83751,7 +83646,7 @@ index a74c3a8..28d3f21 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index e465bb1..19f605f 100644 +index e465bb1..19f605fd 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -52,7 +52,7 @@ extern int kgdb_connected; @@ -84395,18 +84290,18 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 1884353..626ca6b 100644 +index ac819bf..838afec 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -401,7 +401,7 @@ struct zone { - unsigned long flags; /* zone flags, see below */ +@@ -513,7 +513,7 @@ struct zone { + ZONE_PADDING(_pad3_) /* Zone statistics */ - atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; -+ atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; ++ atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; + } ____cacheline_internodealigned_in_smp; - /* - * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on + typedef enum { diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h index 45e9214..4a547ac 100644 --- a/include/linux/mod_devicetable.h @@ -94299,7 +94194,7 @@ index 13d2f7c..c93d0b0 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index 3c49ab4..00a3aea 100644 +index 3eb322e..1ba53cf 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -96119,10 +96014,10 @@ index 09d9591..165bb75 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index bdaa215..2949940 100644 +index 217cfd3..6257351 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1998,7 +1998,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1972,7 +1972,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -96131,7 +96026,7 @@ index bdaa215..2949940 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2162,7 +2162,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, +@@ -2136,7 +2136,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, while (bytes) { char __user *buf = iov->iov_base + base; @@ -96140,7 +96035,7 @@ index bdaa215..2949940 100644 base = 0; left = __copy_from_user_inatomic(vaddr, buf, copy); -@@ -2190,7 +2190,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, +@@ -2164,7 +2164,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, kaddr = kmap_atomic(page); if (likely(i->nr_segs == 1)) { @@ -96149,7 +96044,7 @@ index bdaa215..2949940 100644 char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); copied = bytes - left; -@@ -2218,7 +2218,7 @@ size_t iov_iter_copy_from_user(struct page *page, +@@ -2192,7 +2192,7 @@ size_t iov_iter_copy_from_user(struct page *page, kaddr = kmap(page); if (likely(i->nr_segs == 1)) { @@ -96158,7 +96053,7 @@ index bdaa215..2949940 100644 char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user(kaddr + offset, buf, bytes); copied = bytes - left; -@@ -2248,7 +2248,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) +@@ -2222,7 +2222,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) * zero-length segments (without overruning the iovec). */ while (bytes || unlikely(i->count && !iov->iov_len)) { @@ -96167,7 +96062,7 @@ index bdaa215..2949940 100644 copy = min(bytes, iov->iov_len - base); BUG_ON(!i->count || i->count < copy); -@@ -2319,6 +2319,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2293,6 +2293,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -96632,7 +96527,7 @@ index a98c7fc..393f8f1 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 924429e..732f880 100644 +index 7f30bea..67cb92b 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -99190,7 +99085,7 @@ index 9f45f87..749bfd8 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 4b25829..382c9bd 100644 +index ea41913..d1a474f 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -99210,7 +99105,7 @@ index 4b25829..382c9bd 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -729,6 +730,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -749,6 +750,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -99221,7 +99116,7 @@ index 4b25829..382c9bd 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -745,6 +750,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -765,6 +770,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -99234,7 +99129,7 @@ index 4b25829..382c9bd 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -767,6 +778,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -788,6 +799,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -99255,7 +99150,7 @@ index 4b25829..382c9bd 100644 void __init __free_pages_bootmem(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -782,6 +807,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) +@@ -803,6 +828,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -99275,7 +99170,7 @@ index 4b25829..382c9bd 100644 page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -910,8 +948,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -931,8 +969,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -99286,25 +99181,16 @@ index 4b25829..382c9bd 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -1960,7 +2000,7 @@ zonelist_scan: - if (alloc_flags & ALLOC_FAIR) { - if (!zone_local(preferred_zone, zone)) - continue; -- if (atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0) -+ if (atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0) - continue; - } - /* -@@ -2424,7 +2464,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, - continue; +@@ -1948,7 +1988,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) + do { mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - - atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH])); + atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH])); - } + zone_clear_flag(zone, ZONE_FAIR_DEPLETED); + } while (zone++ != preferred_zone); } - -@@ -5669,7 +5709,7 @@ static void __setup_per_zone_wmarks(void) +@@ -5711,7 +5751,7 @@ static void __setup_per_zone_wmarks(void) __mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -99313,7 +99199,7 @@ index 4b25829..382c9bd 100644 setup_zone_migrate_reserve(zone); spin_unlock_irqrestore(&zone->lock, flags); -@@ -6611,4 +6651,4 @@ void dump_page(struct page *page, char *reason) +@@ -6652,4 +6692,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -99513,7 +99399,7 @@ index cab9820..cb05259 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index 0f14475..c469130d 100644 +index 85d8a1a..da4e20f 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -99534,7 +99420,7 @@ index 0f14475..c469130d 100644 /* * shmem_fallocate communicates with shmem_fault or shmem_writepage via -@@ -2240,6 +2240,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -2249,6 +2249,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -99546,7 +99432,7 @@ index 0f14475..c469130d 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2295,6 +2300,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2304,6 +2309,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -99562,7 +99448,7 @@ index 0f14475..c469130d 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2607,8 +2621,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2616,8 +2630,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -100672,7 +100558,7 @@ index 63c3ea5..95c0858 100644 } } diff --git a/mm/swap.c b/mm/swap.c -index c8048d7..099d1a3 100644 +index d2ceddf..d585efa 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -31,6 +31,7 @@ @@ -100785,7 +100671,7 @@ index c1010cb..210c536 100644 { struct address_space *mapping = page->mapping; diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 0fdf968..991ff6a 100644 +index aa3891e..97555dd 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -38,6 +38,21 @@ struct vfree_deferred { @@ -101068,7 +100954,7 @@ index 0fdf968..991ff6a 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index def5dd2..4ce55cec 100644 +index eded190..e4203d1 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -20,6 +20,7 @@ @@ -101126,7 +101012,7 @@ index def5dd2..4ce55cec 100644 } } #endif -@@ -1150,10 +1151,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos) +@@ -1151,10 +1152,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos) stat_items_size += sizeof(struct vm_event_state); #endif @@ -101150,7 +101036,7 @@ index def5dd2..4ce55cec 100644 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) v[i] = global_page_state(i); v += NR_VM_ZONE_STAT_ITEMS; -@@ -1302,10 +1315,16 @@ static int __init setup_vmstat(void) +@@ -1303,10 +1316,16 @@ static int __init setup_vmstat(void) put_online_cpus(); #endif #ifdef CONFIG_PROC_FS @@ -118842,10 +118728,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..7ab73a3 +index 0000000..3d3508d --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,6040 @@ +@@ -0,0 +1,6042 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -120927,6 +120813,7 @@ index 0000000..7ab73a3 +l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL +bch_dump_read_22685 bch_dump_read 3 22685 NULL +reg_umr_22686 reg_umr 5 22686 NULL ++nr_cpusets_22705 nr_cpusets 0 22705 NULL +alloc_libipw_22708 alloc_libipw 1 22708 NULL +cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4-0 22735 NULL +ceph_decode_32_22738 ceph_decode_32 0 22738 NULL nohasharray @@ -121580,6 +121467,7 @@ index 0000000..7ab73a3 +read_cis_cache_29735 read_cis_cache 4 29735 NULL +xfs_new_eof_29737 xfs_new_eof 2 29737 NULL +std_nic_write_29752 std_nic_write 3 29752 NULL ++static_key_count_29771 static_key_count 0 29771 NULL +dbAlloc_29794 dbAlloc 0 29794 NULL +tcp_sendpage_29829 tcp_sendpage 4 29829 NULL +__probe_kernel_write_29842 __probe_kernel_write 3 29842 NULL diff --git a/3.14.30/4425_grsec_remove_EI_PAX.patch b/3.14.31/4425_grsec_remove_EI_PAX.patch index 86e242a..86e242a 100644 --- a/3.14.30/4425_grsec_remove_EI_PAX.patch +++ b/3.14.31/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.30/4427_force_XATTR_PAX_tmpfs.patch b/3.14.31/4427_force_XATTR_PAX_tmpfs.patch index aa540ad..aa540ad 100644 --- a/3.14.30/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.31/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.30/4430_grsec-remove-localversion-grsec.patch b/3.14.31/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.30/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.31/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.30/4435_grsec-mute-warnings.patch b/3.14.31/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.30/4435_grsec-mute-warnings.patch +++ b/3.14.31/4435_grsec-mute-warnings.patch diff --git a/3.14.30/4440_grsec-remove-protected-paths.patch b/3.14.31/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.30/4440_grsec-remove-protected-paths.patch +++ b/3.14.31/4440_grsec-remove-protected-paths.patch diff --git a/3.14.30/4450_grsec-kconfig-default-gids.patch b/3.14.31/4450_grsec-kconfig-default-gids.patch index 722821b..722821b 100644 --- a/3.14.30/4450_grsec-kconfig-default-gids.patch +++ b/3.14.31/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.30/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.31/4465_selinux-avc_audit-log-curr_ip.patch index f92c155..f92c155 100644 --- a/3.14.30/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.31/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.30/4470_disable-compat_vdso.patch b/3.14.31/4470_disable-compat_vdso.patch index cc7c122..cc7c122 100644 --- a/3.14.30/4470_disable-compat_vdso.patch +++ b/3.14.31/4470_disable-compat_vdso.patch diff --git a/3.14.30/4475_emutramp_default_on.patch b/3.14.31/4475_emutramp_default_on.patch index ad4967a..ad4967a 100644 --- a/3.14.30/4475_emutramp_default_on.patch +++ b/3.14.31/4475_emutramp_default_on.patch diff --git a/3.18.4/0000_README b/3.18.5/0000_README index d079d57..634a195 100644 --- a/3.18.4/0000_README +++ b/3.18.5/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.18.4-201501272307.patch +Patch: 4420_grsecurity-3.0-3.18.5-201501310706.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.18.4/4420_grsecurity-3.0-3.18.4-201501272307.patch b/3.18.5/4420_grsecurity-3.0-3.18.5-201501310706.patch index 4163835..06b5a6e 100644 --- a/3.18.4/4420_grsecurity-3.0-3.18.4-201501272307.patch +++ b/3.18.5/4420_grsecurity-3.0-3.18.5-201501310706.patch @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 4e93284..ba06195 100644 +index 6276fca..e21ed81 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3525,7 +3525,7 @@ index 7f352de..6dc0929 100644 static int keystone_platform_notifier(struct notifier_block *nb, diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c -index c31f4c0..c86224d 100644 +index 1163a3e..424adbf 100644 --- a/arch/arm/mach-mvebu/coherency.c +++ b/arch/arm/mach-mvebu/coherency.c @@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np) @@ -12536,7 +12536,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 41a503c..cf98b04 100644 +index 3635fff..c1f9fab 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -129,7 +129,7 @@ config X86 @@ -12565,7 +12565,7 @@ index 41a503c..cf98b04 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -973,6 +974,7 @@ config VM86 +@@ -977,6 +978,7 @@ config VM86 config X86_16BIT bool "Enable support for 16-bit segments" if EXPERT @@ -12573,7 +12573,7 @@ index 41a503c..cf98b04 100644 default y ---help--- This option is required by programs like Wine to run 16-bit -@@ -1128,6 +1130,7 @@ choice +@@ -1132,6 +1134,7 @@ choice config NOHIGHMEM bool "off" @@ -12581,7 +12581,7 @@ index 41a503c..cf98b04 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1164,6 +1167,7 @@ config NOHIGHMEM +@@ -1168,6 +1171,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12589,7 +12589,7 @@ index 41a503c..cf98b04 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1216,7 +1220,7 @@ config PAGE_OFFSET +@@ -1220,7 +1224,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12598,7 +12598,7 @@ index 41a503c..cf98b04 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1631,6 +1635,7 @@ source kernel/Kconfig.hz +@@ -1635,6 +1639,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12606,7 +12606,7 @@ index 41a503c..cf98b04 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1816,7 +1821,9 @@ config X86_NEED_RELOCS +@@ -1820,7 +1825,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12617,7 +12617,7 @@ index 41a503c..cf98b04 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1899,6 +1906,7 @@ config COMPAT_VDSO +@@ -1903,6 +1910,7 @@ config COMPAT_VDSO def_bool n prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" depends on X86_32 || IA32_EMULATION @@ -12884,7 +12884,7 @@ index 6b1766c..ad465c9 100644 .quad 0x0000000000000000 /* TS continued */ gdt_end: diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 30dd59a..cd9edc3 100644 +index 0c33a7c..be226ed 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len) @@ -12923,7 +12923,7 @@ index 30dd59a..cd9edc3 100644 break; default: /* Ignore other PT_* */ break; } -@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, +@@ -404,7 +407,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -16544,7 +16544,7 @@ index 0bb1335..8f1aec7 100644 "6:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 50d033a..59ecefa 100644 +index a94b82e..59ecefa 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -16642,7 +16642,7 @@ index 50d033a..59ecefa 100644 } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -247,11 +258,14 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) +@@ -247,8 +258,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) struct desc_struct *gdt = get_cpu_gdt_table(cpu); unsigned int i; @@ -16652,37 +16652,8 @@ index 50d033a..59ecefa 100644 + pax_close_kernel(); } --#define _LDT_empty(info) \ -+/* This intentionally ignores lm, since 32-bit apps don't have that field. */ -+#define LDT_empty(info) \ - ((info)->base_addr == 0 && \ - (info)->limit == 0 && \ - (info)->contents == 0 && \ -@@ -261,11 +275,18 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) - (info)->seg_not_present == 1 && \ - (info)->useable == 0) - --#ifdef CONFIG_X86_64 --#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0)) --#else --#define LDT_empty(info) (_LDT_empty(info)) --#endif -+/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */ -+static inline bool LDT_zero(const struct user_desc *info) -+{ -+ return (info->base_addr == 0 && -+ info->limit == 0 && -+ info->contents == 0 && -+ info->read_exec_only == 0 && -+ info->seg_32bit == 0 && -+ info->limit_in_pages == 0 && -+ info->seg_not_present == 0 && -+ info->useable == 0); -+} - - static inline void clear_LDT(void) - { -@@ -287,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc) + /* This intentionally ignores lm, since 32-bit apps don't have that field. */ +@@ -295,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc) preempt_enable(); } @@ -16691,7 +16662,7 @@ index 50d033a..59ecefa 100644 { return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24)); } -@@ -311,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) +@@ -319,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) } #ifdef CONFIG_X86_64 @@ -16700,7 +16671,7 @@ index 50d033a..59ecefa 100644 { gate_desc s; -@@ -321,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr) +@@ -329,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr) #endif #ifdef CONFIG_TRACING @@ -16718,7 +16689,7 @@ index 50d033a..59ecefa 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -348,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate) +@@ -356,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate) #define _trace_set_gate(gate, type, addr, dpl, ist, seg) #endif @@ -16727,7 +16698,7 @@ index 50d033a..59ecefa 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -371,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -379,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr, #define set_intr_gate(n, addr) \ do { \ BUG_ON((unsigned)n > 0xFF); \ @@ -16739,7 +16710,7 @@ index 50d033a..59ecefa 100644 0, 0, __KERNEL_CS); \ } while (0) -@@ -401,19 +422,19 @@ static inline void alloc_system_vector(int vector) +@@ -409,19 +422,19 @@ static inline void alloc_system_vector(int vector) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -16762,7 +16733,7 @@ index 50d033a..59ecefa 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -422,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -430,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -16782,7 +16753,7 @@ index 50d033a..59ecefa 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS); -@@ -503,4 +524,17 @@ static inline void load_current_idt(void) +@@ -511,4 +524,17 @@ static inline void load_current_idt(void) else load_idt((const struct desc_ptr *)&idt_descr); } @@ -25233,7 +25204,7 @@ index 4ddaf66..49d5c18 100644 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); t->iopl = level << 12; diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 922d285..6d20692 100644 +index 3790775..53717dc 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -22,7 +22,7 @@ @@ -27845,49 +27816,10 @@ index 0fa2960..91eabbe 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 4e942f3..c6e445a 100644 +index 7fc5e84..c6e445a 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c -@@ -29,7 +29,28 @@ static int get_free_idx(void) - - static bool tls_desc_okay(const struct user_desc *info) - { -- if (LDT_empty(info)) -+ /* -+ * For historical reasons (i.e. no one ever documented how any -+ * of the segmentation APIs work), user programs can and do -+ * assume that a struct user_desc that's all zeros except for -+ * entry_number means "no segment at all". This never actually -+ * worked. In fact, up to Linux 3.19, a struct user_desc like -+ * this would create a 16-bit read-write segment with base and -+ * limit both equal to zero. -+ * -+ * That was close enough to "no segment at all" until we -+ * hardened this function to disallow 16-bit TLS segments. Fix -+ * it up by interpreting these zeroed segments the way that they -+ * were almost certainly intended to be interpreted. -+ * -+ * The correct way to ask for "no segment at all" is to specify -+ * a user_desc that satisfies LDT_empty. To keep everything -+ * working, we accept both. -+ * -+ * Note that there's a similar kludge in modify_ldt -- look at -+ * the distinction between modes 1 and 0x11. -+ */ -+ if (LDT_empty(info) || LDT_zero(info)) - return true; - - /* -@@ -71,7 +92,7 @@ static void set_tls_desc(struct task_struct *p, int idx, - cpu = get_cpu(); - - while (n-- > 0) { -- if (LDT_empty(info)) -+ if (LDT_empty(info) || LDT_zero(info)) - desc->a = desc->b = 0; - else - fill_ldt(desc, info); -@@ -118,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx, +@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx, if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; @@ -27899,7 +27831,7 @@ index 4e942f3..c6e445a 100644 set_tls_desc(p, idx, &info, 1); return 0; -@@ -235,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, +@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, if (kbuf) info = kbuf; @@ -28118,7 +28050,7 @@ index 07ab8e9..99c8456 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index b7e50bb..f4a93ae 100644 +index 5054497..139f8f8 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data) @@ -28694,63 +28626,10 @@ index 88f9201..0e7f1a3 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 22e7ed9..c3e2419 100644 +index c7327a7..c3e2419 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -2345,7 +2345,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) - * Not recognized on AMD in compat mode (but is recognized in legacy - * mode). - */ -- if ((ctxt->mode == X86EMUL_MODE_PROT32) && (efer & EFER_LMA) -+ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA) - && !vendor_intel(ctxt)) - return emulate_ud(ctxt); - -@@ -2358,25 +2358,13 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) - setup_syscalls_segments(ctxt, &cs, &ss); - - ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data); -- switch (ctxt->mode) { -- case X86EMUL_MODE_PROT32: -- if ((msr_data & 0xfffc) == 0x0) -- return emulate_gp(ctxt, 0); -- break; -- case X86EMUL_MODE_PROT64: -- if (msr_data == 0x0) -- return emulate_gp(ctxt, 0); -- break; -- default: -- break; -- } -+ if ((msr_data & 0xfffc) == 0x0) -+ return emulate_gp(ctxt, 0); - - ctxt->eflags &= ~(EFLG_VM | EFLG_IF); -- cs_sel = (u16)msr_data; -- cs_sel &= ~SELECTOR_RPL_MASK; -+ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK; - ss_sel = cs_sel + 8; -- ss_sel &= ~SELECTOR_RPL_MASK; -- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) { -+ if (efer & EFER_LMA) { - cs.d = 0; - cs.l = 1; - } -@@ -2385,10 +2373,11 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) - ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); - - ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data); -- ctxt->_eip = msr_data; -+ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data; - - ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data); -- *reg_write(ctxt, VCPU_REGS_RSP) = msr_data; -+ *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data : -+ (u32)msr_data; - - return X86EMUL_CONTINUE; - } -@@ -3519,7 +3508,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) +@@ -3508,7 +3508,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) int cr = ctxt->modrm_reg; u64 efer = 0; @@ -28759,7 +28638,7 @@ index 22e7ed9..c3e2419 100644 0xffffffff00000000ULL, 0, 0, 0, /* CR3 checked later */ CR4_RESERVED_BITS, -@@ -3554,7 +3543,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) +@@ -3543,7 +3543,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) ctxt->ops->get_msr(ctxt, MSR_EFER, &efer); if (efer & EFER_LMA) @@ -28768,17 +28647,6 @@ index 22e7ed9..c3e2419 100644 if (new_val & rsvd) return emulate_gp(ctxt, 0); -@@ -3788,8 +3777,8 @@ static const struct opcode group5[] = { - }; - - static const struct opcode group6[] = { -- DI(Prot, sldt), -- DI(Prot, str), -+ DI(Prot | DstMem, sldt), -+ DI(Prot | DstMem, str), - II(Prot | Priv | SrcMem16, em_lldt, lldt), - II(Prot | Priv | SrcMem16, em_ltr, ltr), - N, N, N, N, diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index b8345dd..f225d71 100644 --- a/arch/x86/kvm/lapic.c @@ -36337,7 +36205,7 @@ index b0c2a61..10bb6ec 100644 goto error; diff --git a/crypto/cryptd.c b/crypto/cryptd.c -index e592c90..c566114 100644 +index 650afac1..f3307de 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx { @@ -36359,7 +36227,7 @@ index e592c90..c566114 100644 static void cryptd_queue_worker(struct work_struct *work); diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c -index 309d345..1632720 100644 +index c305d41..a96de79 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) @@ -36483,10 +36351,10 @@ index c68e724..e863008 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c -index 93b7142..5676c75 100644 +index 6341e66..ebcf59c 100644 --- a/drivers/acpi/device_pm.c +++ b/drivers/acpi/device_pm.c -@@ -1021,6 +1021,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze); +@@ -1029,6 +1029,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze); #endif /* CONFIG_PM_SLEEP */ @@ -36495,7 +36363,7 @@ index 93b7142..5676c75 100644 static struct dev_pm_domain acpi_general_pm_domain = { .ops = { #ifdef CONFIG_PM_RUNTIME -@@ -1039,6 +1041,7 @@ static struct dev_pm_domain acpi_general_pm_domain = { +@@ -1047,6 +1049,7 @@ static struct dev_pm_domain acpi_general_pm_domain = { .restore_early = acpi_subsys_resume_early, #endif }, @@ -36503,7 +36371,7 @@ index 93b7142..5676c75 100644 }; /** -@@ -1108,7 +1111,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on) +@@ -1116,7 +1119,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on) acpi_device_wakeup(adev, ACPI_STATE_S0, false); } @@ -36556,7 +36424,7 @@ index 97683e4..655f6ba 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c5ba15a..75ec7a8 100644 +index 485f7ea..9a8df4a 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -99,7 +99,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -36568,7 +36436,7 @@ index c5ba15a..75ec7a8 100644 struct ata_force_param { const char *name; -@@ -4797,7 +4797,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4800,7 +4800,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -36577,7 +36445,7 @@ index c5ba15a..75ec7a8 100644 ap = qc->ap; qc->flags = 0; -@@ -4813,7 +4813,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4816,7 +4816,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -36586,7 +36454,7 @@ index c5ba15a..75ec7a8 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5917,6 +5917,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -36594,7 +36462,7 @@ index c5ba15a..75ec7a8 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5930,8 +5931,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -36605,7 +36473,7 @@ index c5ba15a..75ec7a8 100644 spin_unlock(&lock); } -@@ -6127,7 +6129,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) +@@ -6130,7 +6132,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) /* give ports names and add SCSI hosts */ for (i = 0; i < host->n_ports; i++) { @@ -40662,7 +40530,7 @@ index 2e0613e..a8b94d9 100644 return ret; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index cadc3bc..1bfccfe 100644 +index 31b9664..5d478d3 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -12811,13 +12811,13 @@ struct intel_quirk { @@ -47309,10 +47177,10 @@ index 98d73aa..63ef9da 100644 Say Y here if you want to support for Freescale FlexCAN. diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c -index 2cfe501..477d4b5 100644 +index 4b008c9..2b1151f 100644 --- a/drivers/net/can/dev.c +++ b/drivers/net/can/dev.c -@@ -868,7 +868,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, +@@ -872,7 +872,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, return -EOPNOTSUPP; } @@ -50108,7 +49976,7 @@ index 2c6643f..3a6d8e0 100644 if (!sysfs_initialized) return -EACCES; diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h -index 4a3902d..7f1fc42 100644 +index b5defca..e3664cc 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -93,7 +93,7 @@ struct pci_vpd_ops { @@ -65809,7 +65677,7 @@ index cd3653e..9b9b79a 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 7dc3ea8..4cfe92f 100644 +index 7dc3ea8..a08077e 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { @@ -65952,16 +65820,18 @@ index 7dc3ea8..4cfe92f 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -609,6 +665,8 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) +@@ -609,6 +665,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) if (task) { mm = mm_access(task, mode); -+ if (gr_acl_handle_procpidmem(task)) ++ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) { ++ mmput(mm); + mm = ERR_PTR(-EPERM); ++ } put_task_struct(task); if (!IS_ERR_OR_NULL(mm)) { -@@ -630,6 +688,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -630,6 +690,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) return PTR_ERR(mm); file->private_data = mm; @@ -65973,7 +65843,7 @@ index 7dc3ea8..4cfe92f 100644 return 0; } -@@ -651,6 +714,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -651,6 +716,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -65991,7 +65861,7 @@ index 7dc3ea8..4cfe92f 100644 if (!mm) return 0; -@@ -663,7 +737,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -663,7 +739,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, goto free; while (count > 0) { @@ -66000,7 +65870,7 @@ index 7dc3ea8..4cfe92f 100644 if (write && copy_from_user(page, buf, this_len)) { copied = -EFAULT; -@@ -755,6 +829,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -755,6 +831,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -66014,7 +65884,7 @@ index 7dc3ea8..4cfe92f 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -764,7 +845,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -764,7 +847,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, goto free; while (count > 0) { size_t this_len, max_len; @@ -66023,7 +65893,7 @@ index 7dc3ea8..4cfe92f 100644 if (src >= (mm->env_end - mm->env_start)) break; -@@ -1378,7 +1459,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1378,7 +1461,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -66032,7 +65902,7 @@ index 7dc3ea8..4cfe92f 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1422,8 +1503,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1422,8 +1505,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -66053,7 +65923,7 @@ index 7dc3ea8..4cfe92f 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1473,7 +1564,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1473,7 +1566,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -66065,7 +65935,7 @@ index 7dc3ea8..4cfe92f 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1509,10 +1604,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1509,10 +1606,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -66085,7 +65955,7 @@ index 7dc3ea8..4cfe92f 100644 } } rcu_read_unlock(); -@@ -1550,11 +1654,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1550,11 +1656,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -66106,7 +65976,7 @@ index 7dc3ea8..4cfe92f 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2085,6 +2198,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2085,6 +2200,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -66116,7 +65986,7 @@ index 7dc3ea8..4cfe92f 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2115,6 +2231,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, +@@ -2115,6 +2233,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, if (!task) return -ENOENT; @@ -66126,7 +65996,7 @@ index 7dc3ea8..4cfe92f 100644 if (!dir_emit_dots(file, ctx)) goto out; -@@ -2557,7 +2676,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2557,7 +2678,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -66135,7 +66005,7 @@ index 7dc3ea8..4cfe92f 100644 ONE("syscall", S_IRUSR, proc_pid_syscall), #endif ONE("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2582,10 +2701,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2582,10 +2703,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -66148,7 +66018,7 @@ index 7dc3ea8..4cfe92f 100644 ONE("stack", S_IRUSR, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2619,6 +2738,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2619,6 +2740,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL ONE("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -66158,7 +66028,7 @@ index 7dc3ea8..4cfe92f 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2748,7 +2870,14 @@ static int proc_pid_instantiate(struct inode *dir, +@@ -2748,7 +2872,14 @@ static int proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -66173,7 +66043,7 @@ index 7dc3ea8..4cfe92f 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2786,7 +2915,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2786,7 +2917,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -66185,7 +66055,7 @@ index 7dc3ea8..4cfe92f 100644 put_task_struct(task); out: return ERR_PTR(result); -@@ -2900,7 +3033,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2900,7 +3035,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -66194,7 +66064,7 @@ index 7dc3ea8..4cfe92f 100644 ONE("syscall", S_IRUSR, proc_pid_syscall), #endif ONE("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2927,10 +3060,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2927,10 +3062,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -80775,10 +80645,10 @@ index 2fb2ca2..d6a3340 100644 #define current_cred_xxx(xxx) \ ({ \ diff --git a/include/linux/crypto.h b/include/linux/crypto.h -index d45e949..51cf5ea 100644 +index dc34dfc..bdf9b5d 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h -@@ -373,7 +373,7 @@ struct cipher_tfm { +@@ -386,7 +386,7 @@ struct cipher_tfm { const u8 *key, unsigned int keylen); void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); @@ -80787,7 +80657,7 @@ index d45e949..51cf5ea 100644 struct hash_tfm { int (*init)(struct hash_desc *desc); -@@ -394,13 +394,13 @@ struct compress_tfm { +@@ -407,13 +407,13 @@ struct compress_tfm { int (*cot_decompress)(struct crypto_tfm *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen); @@ -82923,7 +82793,7 @@ index ff9f1d3..6712be5 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index e465bb1..19f605f 100644 +index e465bb1..19f605fd 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -52,7 +52,7 @@ extern int kgdb_connected; @@ -83055,10 +82925,10 @@ index a6059bd..8126d5c 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index bd5fefe..2a8a8d2 100644 +index fe0bf8d..c511ca6 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -976,7 +976,7 @@ struct ata_port_operations { +@@ -977,7 +977,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -93583,7 +93453,7 @@ index 31ea01f..7fc61ef 100644 } diff --git a/kernel/time/time.c b/kernel/time/time.c -index a9ae20f..d3fbde7 100644 +index 22d5d3b..70caeb2 100644 --- a/kernel/time/time.c +++ b/kernel/time/time.c @@ -173,6 +173,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -94433,10 +94303,10 @@ index 70bf118..4be3c37 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index 09b685d..d3565e3 100644 +index 66940a5..a44fed0 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4508,7 +4508,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4499,7 +4499,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; @@ -95347,10 +95217,10 @@ index 0ae0df5..82ac56b 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index 14b4642..d71ba82 100644 +index 37beab9..2c55a85 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2101,7 +2101,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -2097,7 +2097,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -95359,7 +95229,7 @@ index 14b4642..d71ba82 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2279,6 +2279,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2275,6 +2275,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -104871,10 +104741,10 @@ index a4b5e2a..13b1de3 100644 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 5016a69..594f8e9 100644 +index c588012..b0d4ef8 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -1739,6 +1739,10 @@ void nf_conntrack_init_end(void) +@@ -1737,6 +1737,10 @@ void nf_conntrack_init_end(void) #define DYING_NULLS_VAL ((1<<30)+1) #define TEMPLATE_NULLS_VAL ((1<<30)+2) @@ -104885,7 +104755,7 @@ index 5016a69..594f8e9 100644 int nf_conntrack_init_net(struct net *net) { int ret = -ENOMEM; -@@ -1764,7 +1768,11 @@ int nf_conntrack_init_net(struct net *net) +@@ -1762,7 +1766,11 @@ int nf_conntrack_init_net(struct net *net) if (!net->ct.stat) goto err_pcpu_lists; diff --git a/3.18.4/4425_grsec_remove_EI_PAX.patch b/3.18.5/4425_grsec_remove_EI_PAX.patch index 86e242a..86e242a 100644 --- a/3.18.4/4425_grsec_remove_EI_PAX.patch +++ b/3.18.5/4425_grsec_remove_EI_PAX.patch diff --git a/3.18.4/4427_force_XATTR_PAX_tmpfs.patch b/3.18.5/4427_force_XATTR_PAX_tmpfs.patch index 22c9273..22c9273 100644 --- a/3.18.4/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.18.5/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.18.4/4430_grsec-remove-localversion-grsec.patch b/3.18.5/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.18.4/4430_grsec-remove-localversion-grsec.patch +++ b/3.18.5/4430_grsec-remove-localversion-grsec.patch diff --git a/3.18.4/4435_grsec-mute-warnings.patch b/3.18.5/4435_grsec-mute-warnings.patch index 0585e08..0585e08 100644 --- a/3.18.4/4435_grsec-mute-warnings.patch +++ b/3.18.5/4435_grsec-mute-warnings.patch diff --git a/3.18.4/4440_grsec-remove-protected-paths.patch b/3.18.5/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.18.4/4440_grsec-remove-protected-paths.patch +++ b/3.18.5/4440_grsec-remove-protected-paths.patch diff --git a/3.18.4/4450_grsec-kconfig-default-gids.patch b/3.18.5/4450_grsec-kconfig-default-gids.patch index 5c025da..5c025da 100644 --- a/3.18.4/4450_grsec-kconfig-default-gids.patch +++ b/3.18.5/4450_grsec-kconfig-default-gids.patch diff --git a/3.18.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.18.5/4465_selinux-avc_audit-log-curr_ip.patch index ba89596..ba89596 100644 --- a/3.18.4/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.18.5/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.18.4/4470_disable-compat_vdso.patch b/3.18.5/4470_disable-compat_vdso.patch index df785ab..df785ab 100644 --- a/3.18.4/4470_disable-compat_vdso.patch +++ b/3.18.5/4470_disable-compat_vdso.patch diff --git a/3.18.4/4475_emutramp_default_on.patch b/3.18.5/4475_emutramp_default_on.patch index ad4967a..ad4967a 100644 --- a/3.18.4/4475_emutramp_default_on.patch +++ b/3.18.5/4475_emutramp_default_on.patch |